package com.zby.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

import static jakarta.servlet.DispatcherType.ERROR;
import static jakarta.servlet.DispatcherType.FORWARD;

@Configuration
public class SecurityConfig {

    @Bean
    SecurityFilterChain web(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorize -> authorize
                        .requestMatchers("/user/*", "/category/*","/**").permitAll()
                        .anyRequest().authenticated()
                )// 禁用表单登录和默认登录页
                .formLogin(AbstractHttpConfigurer::disable)
                // 禁用CSRF（方便API测试）
                .csrf(AbstractHttpConfigurer::disable);


        return http.build();
    }
}
